IT security news on the latest technology and the number one resource for your hardware and software needs.
Visit us at www.hyphenet.com

Thursday, March 1, 2012

Don't fall for 'Is it really you in this picture?' spam

“Is it really you in this picture?”

That was the subject line for one of three “bad photo” spam messages that we’ve encountered over the last few days.

For months, cybercriminals have been launching an assortment of phishing attacks and scams that lure victims in by claiming they’ve found a funny picture or bad blog about them. Typically the scams have been conducted on Twitter, but it was only a matter of time before cybercrooks decided to give email a try.

Although, when delivered via email, the goal is not necessarily to hijack your social media accounts, but infect your computer with malware that’s capable of doing much more damage.

Here are the two variants of the 'Is it really you in this picture?' spam campaign that we received:

From: CecilAgredano(at)mail.comSubject: Is it really you in this picture?

Cheers [EMAIL], what the hell is this photo supposed to mean? Who's that b*tch with you???

From: TheclaVescovi(at)mail.comSubject: Is it really you in this picture?What's up [EMAIL], O boy you look so funny naked! Don't share your naked photos again : )

Both emails had a file archive named “Photos.zip” attached to it. Of course, the archive was housing malware, which was identified as the Gamarue.B worm. (If the name seems familiar to you, it’s because Gamarue is the exact same malware being pushed in the USPS and “parking violation” spam messages we recently warned you about.)

Remember, it’s never a good idea to download and open files attached to unsolicited emails as the chances are high that it contains malware.

If you receive an email from an unfamiliar email address asking if it’s really you in a picture, claim they were sent a photo of you from your ex or that they “can’t believe what they see in this picture,” it’s recommended that you either delete the message or scan the file before downloading it.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.